Appl. No.: 10/644,841

Reply to Office action of Jan. 29, 2007 

Amendments to the Claims: 

CLAIMS 

We claim: 

1. (Currently amended) A security system for computers and/or
computerized devices, wherein said computers are at least one of a
personal computer, a network server, a cellular phone, a palm pilot,
a car computer, and/or other computerized gadget, comprising at
least one of: A system for automatic segregation between programs
that is applied to at least one of the hard disks and other non-volatile
storage devices;

a. A computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0, wherein there is a control system 
and/or security system which runs below the operating system ; 

b. A computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0 and/or within ring 0, wherein there 
is a control system and/or security system which runs below the 
operating system, and wherein at least if said more privileged area is 
within ring 0, said control system and/or security system is adapted to 
catch exceptions caused by device drivers in ring 0 and/or by the 
operating system; 

c. A system for segregation between programs and/or between virtual 
environments that is applied to at least one of hard disks and other 
storage media and/or other resources, wherein there are resources that 
are shared between virtual environments so that programs that are in a 
Virtual Environment are given the illusion that they are accessing said 
shared resources, but in reality if these programs make changes not 
explicitly allowed by the user in said shared resources, copy-on-write
is used and/or said programs are redirected to another area so that said 
changes are only made in the virtual environment; 

d. A system for segregation between programs and/or between virtual 
environments that is applied to at least one of hard disks and other 
storage media, wherein at least for one or more shared resources
and/or for one or more programs and/or in one or more conditions if a 
program makes a change or changes in a shared resource, copy-on-write
is used and/or said program is redirected to another area so that
said changes are only made in the virtual environment and/or in said 
other area to which the program is redirected; 

e. A system for segregation between programs and/or between virtual 
environments that is applied to at least one hard disk and/or other non- 
volatile storage devices, wherein the system enables the user to 
interact with an integrated view of the desktop and/or of the file 
system, based on merged views of virtual environments, so that the 
user can interact with programs that are in a virtual environment 
without having to switch to their virtual environment; 

f. A system that creates automatic segregation between programs that is 
applied to at least one of the hard disks and other storage devices 
wherein files and directories are involved; 

g. A system that creates automatic segregation between programs which 
the user can access, so that the directory structure in which a file is 
located automatically affects the access rights of other programs to it; 

h. A security system capable of automatic segregation of programs into 
their natural environments so that by default programs are allowed to 
fully access files only within their natural environment, which is 
mainly the directory in which the program is installed and its sub- 
directories; 

i. A security system and/or firewall that identifies if the user or an
application initiated at least one of accessing a file outside the natural
environment or virtual environment of said application, and at least one
potential security-risk command which is at least partially related to
the hard disk or other non-volatile storage device, and so can allow
more flexibility and/or less limitations and/or no limitations if the
command was initiated directly by the user than if it was initiated by
the application;

j. A system and/or firewall that prevents programs from unauthorized 
trapping of the keyboard device in order to catch keystrokes of other 
programs, in order to prevent theft of data from the user's hard disk or 
other non-volatile storage device.
2. (Currently amended) The system of claim 1 wherein said automatic
segregation is used and at least one of the following exists: 

a. A monitoring and capturing system, which monitors at least one 
of storage devices and communications devices; 

b. A database of security rules, comprising at least one of: a set of 
default rules, a set of pre-distribution acquired rules that are good 
for many users of the selected operating system, and acquired 
additional user-defined rules or authorizations ; and 

c. A user interface, which can interact with the user in order to at 
least one of: learn acceptable behavior patterns, warn the user of 
perceived dangers, wait for his authorization whenever necessary, 
and allow the user to view and modify the database of 
authorizations. 

3. (Original) The system of claim 2 wherein at least one of: 

a. Said user interface at least also warns the user explicitly in cases 
of potentially highly dangerous activities; 

b. Said database comprises also at least learned statistics of normal 
and reasonable behavior of programs in the user's computer; 

c. Said user interface at least also allows the user to view statistics 
of behavior of important programs and especially programs that 
are allowed to access communication channels, especially in 
what is related to sending and receiving data over the 
communication lines; 

d. Said database comprises also at least a log of the questions that 
the Security System asked the user and his replies kept at least 
for a certain period; and 

e. Said database comprises also at least, when needed, a log of 
suspicious activities detected kept at least for a certain period. 

4. (Currently amended) The system of claim 2 wherein the security rules and/or 
functions performed by the Security System comprise automatic segregation 
of programs into their natural environments and at least one of the following: 

a. Constantly monitoring the security-sensitive elements of the computer
system, and mainly all relevant peripheral device activities, and
especially storage devices and communication devices, and detecting
and selectively intercepting security-sensitive behaviors, suspicious
behaviors and dangerous behaviors and acting upon them in accordance
with default and acquired sets of security rules;

b. At least one of warning the user and request for authorization and
automatic interception for security- sensitive activities and especially 
any first- time attempts to access communication channels; 

c. Enabling the user to request at least one of automatic blocking and 
warning of the user of any attempts of external programs from the 
network to connect to the user's computer through the communication 
channels; 

d. Interception and more explicit warning of the user about potentially 
highly dangerous activities; 

e. Warning the user about significant statistical deviations from normal 
behaviors of applications and operating system and especially as 
relates to suddenly sending out large amounts of data; 

f. Enabling the user to request enforcing of at least one of additional
limitations on the communication ports allowed to be opened and 
when needed also limitations on types of protocols allowed; 

g. Monitoring and intercepting as much as possible all attempts of 
applications to gain direct port accesses to security sensitive devices 
and especially the storage media and the communication channels; 

h. Implementing Virtual Shared data areas on the storage media, for at 
least one of temporary files and accessing keys in the registry and 
other files, so that at least some programs are given the illusion that 
they are accessing the shared area, but in reality are each redirected to 
a separate private area; and 

i. Pushing at least part of the operating system from the most privileged 
processor ring to a lower privilege ring and enabling needed functions 
to run in said lower privilege ring. 
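Claims 2 through 4 describe a monitoring system, a rules database with default and acquired rules, learned statistics of normal program behavior, a warning on any first-time attempt to use a communication channel (claim 4(b)), and a warning on a sudden large volume of outgoing data (claim 4(e)). The following is an added example, not code from the application; it shows how those pieces fit together over constructed monitor log lines. The log format, the program names, the authorized-program set standing in for the rules database, and the three-standard-deviation threshold are all assumptions made here.

```python
"""Behavioural baseline and deviation alerts over constructed monitor log lines.

Added example (not from the application). Models claims 2-4 offline:
a rules database (authorized-program set), per-program statistics of
normal outbound traffic, first-time network access warnings (claim 4(b))
and 'suddenly sending out large amounts of data' (claim 4(e)).
The log format and every sample line below are constructed.
"""
import re
import statistics
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) prog=(?P<prog>\S+) dev=(?P<dev>net|disk) "
    r"dir=(?P<dir>in|out) bytes=(?P<bytes>\d+)$"
)

# Constructed training window: what 'normal' looked like for the learned statistics
BASELINE_LOG = """\
2007-01-29T09:00:00 prog=mailer.exe dev=net dir=out bytes=1000
2007-01-29T09:05:00 prog=mailer.exe dev=net dir=out bytes=1200
2007-01-29T09:10:00 prog=mailer.exe dev=net dir=out bytes=900
2007-01-29T09:15:00 prog=mailer.exe dev=net dir=out bytes=1100
2007-01-29T09:20:00 prog=mailer.exe dev=net dir=out bytes=1000
2007-01-29T09:21:00 prog=editor.exe dev=disk dir=out bytes=4096
"""

# Constructed live window to be checked against the baseline
LIVE_LOG = """\
2007-01-29T10:00:00 prog=mailer.exe dev=net dir=out bytes=1300
2007-01-29T10:00:05 prog=mailer.exe dev=net dir=out bytes=50000
2007-01-29T10:01:00 prog=editor.exe dev=net dir=out bytes=300
2007-01-29T10:02:00 prog=editor.exe dev=disk dir=out bytes=2048
2007-01-29T10:03:00 prog=mailer.exe dev=net dir=in bytes=700
"""


def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not trusted."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["bytes"] = int(ev["bytes"])
            yield ev


def build_baseline(events):
    """Per-program (mean, stdev, n) of outbound network bytes: the learned statistics."""
    samples = defaultdict(list)
    for ev in events:
        if ev["dev"] == "net" and ev["dir"] == "out":
            samples[ev["prog"]].append(ev["bytes"])
    return {
        prog: (statistics.mean(v), statistics.stdev(v) if len(v) > 1 else 0.0, len(v))
        for prog, v in samples.items()
    }


def detect(events, baseline, authorized, k=3.0, min_samples=3):
    """Return (prog, alert, detail) tuples in log order."""
    alerts = []
    seen_net = set()
    for ev in events:
        prog = ev["prog"]
        if ev["dev"] != "net":
            continue
        # Claim 4(b): a first-time attempt to use a communication channel is warned once
        if prog not in authorized and prog not in seen_net:
            seen_net.add(prog)
            alerts.append((prog, "first-time-net-access", ev["dir"]))
            continue
        if ev["dir"] != "out":
            continue
        # Claim 4(e): significant deviation from the program's own normal egress volume
        mean, sd, n = baseline.get(prog, (0.0, 0.0, 0))
        if n < min_samples:
            alerts.append((prog, "no-baseline", ev["bytes"]))
        elif ev["bytes"] > mean + k * sd:
            alerts.append((prog, "egress-spike", ev["bytes"]))
    return alerts


def run_example():
    baseline = build_baseline(parse(BASELINE_LOG))
    return detect(parse(LIVE_LOG), baseline, authorized={"mailer.exe"})


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

On the constructed input, mailer.exe's 1300-byte message stays under its learned threshold (mean 1040 plus three sample standard deviations of about 114), the 50000-byte burst is reported as an egress spike, and editor.exe's first use of the network is reported before any volume check is made. A program that is authorized but has too few samples gets a "no-baseline" alert rather than a silent pass, which is the safer default for the "acquired rules" phase.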

5. (Currently amended) The system of claim [1] 2 wherein [a hardware element is
used] said monitoring and capturing system includes also a hardware
element which monitors hardware accesses, so that the Security System [can
discover events where access has been made to the security sensitive ports,
especially the storage media and the communication channels, without an
apparent corresponding event on the system level as monitored by said
Security System's software] and/or said hardware element can discover events where
access has been made to at least one of storage devices and communications
devices without an apparent corresponding event on the system level.

6. (Canceled). The system of claim 2 wherein said default automatic 
segregation is implemented so that, by default, each program is allowed to at 
least one of access, read, write, execute, create, and delete files only within 
its natural environment, and said natural environment is mainly the directory 
in which it is installed, its sub directories, and — for reading only — non 
strategic shared files, unless the program is explicitly given more rights.

7. (Canceled). The system of claim 1 wherein high security protected areas are 
at least one of: encrypted, marked with a finger print, and automatically
backed up to at least one more area for additional safety.

8. (Canceled). The system of claim 2 wherein the communication devices 
include also at least one of USB devices, Bluetooth devices and other 
wireless devices, and/or wherein the monitoring of access to communication 
devices includes also protocols for sending Faxes.

9. (Currently amended) A security method for computers and/or computerized
devices, wherein said computers are at least one of a personal computer, a
network server, a cellular phone, a palm pilot, a car computer, and/or other
computerized gadget, comprising at least one of the following steps: of using
at least a method for automatic segregation between programs that is applied
to at least one of the hard disks and other non-volatile storage devices.

a. Using a computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0, wherein there is a control system 
and/or security system which runs below the operating system ; 

b. Using a computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0 and/or within ring 0, wherein there is a 
control system and/or security system which runs below the operating 
system, and wherein at least if said more privileged area is within ring 0, 
said control system and/or security system is adapted to catch exceptions 
caused by device drivers in ring 0 and/or by the operating system; 

c. Using a system for segregation between programs and/or between virtual 
environments that is applied to at least one of hard disks and other storage 
media and/or other resources, wherein there are resources that are shared
between virtual environments so that programs that are in a Virtual 
Environment are given the illusion that they are accessing said shared 
resources, but in reality if these programs make changes not explicitly 
allowed by the user in said shared resources, copy-on-write is used and/or
said programs are redirected to another area so that said changes are only 
made in the virtual environment; 

d. Using a system for segregation between programs and/or between virtual 
environments that is applied to at least one of hard disks and other storage 
media, wherein at least for one or more shared resources and/or for one or 
more programs and/or in one or more conditions if a program makes a 
change or changes in a shared resource, copy-on-write is used and/or said
program is redirected to another area so that said changes are only made 
in the virtual environment and/or in said other area to which the program 
is redirected; 

e. Using a system for segregation between programs and/or between virtual 
environments that is applied to at least one hard disk and/or other non- 
volatile storage devices, wherein the system enables the user to interact 
with an integrated view of the desktop and/or of the file system, based on 
merged views of virtual environments, so that the user can interact with 
programs that are in a virtual environment without having to switch to 
their virtual environment; 

f. Using a system that creates automatic segregation between programs that 
is applied to at least one of the hard disks and other storage devices 
wherein files and directories are involved; 

g. Using a system that creates automatic segregation between programs 
which the user can access, so that the directory structure in which a file is 
located automatically affects the access rights of other programs to it; 

h. Using a security system capable of automatic segregation of programs 
into their natural environments so that by default programs are allowed to 
fully access files only within their natural environment, which is mainly 
the directory in which the program is installed and its sub-directories; 

i. Using a security system and/or firewall that identifies if the user or an
application initiated at least one of accessing a file outside the natural
environment or virtual environment of said application, and at least one
potential security-risk command which is at least partially related to the
hard disk or other non-volatile storage device, and so can allow more



30/07/07 Yaron Mayer et. al. 8/27 

flexibility and/or less limitations and/or no limitations if the command 
was initiated directly by the user than if it was initiated by the application; 
j. Using a system and/or firewall that prevents programs from unauthorized 
trapping of the keyboard device in order to catch keystrokes of other 
programs, in order to prevent theft of data from the user's hard disk or 
other non-volatile storage device.

10. (Currently amended) The method of claim 9 wherein said automatic 
segregation is used and at least one of the following exists: 

a. [Providing] Using a monitoring and capturing system, which
monitors at least one of storage devices and communications 
devices; 

b. [Creating and maintaining] Using a database of security rules,

comprising at least one of: a set of default rules, a set of pre- 
distribution acquired rules that are good for many users of the 
selected operating system, and acquired additional user-defined 
rules or authorizations; and

c. [Providing] Using a user interface, which can interact with the user

in order to at least one of: learn acceptable behavior patterns, 
warn the user of perceived dangers and wait for his authorization 
whenever necessary. 



11. (Original) The method of claim 10 wherein at least one of: 

a. Said user interface at least also warns the user explicitly in cases 
of potentially highly dangerous activities; 

b. Said database comprises also at least learned statistics of normal 
and reasonable behavior of programs in the user's computer; 

c. Said user interface at least also allows the user to view statistics 
of behavior of important programs and especially programs that 
are allowed to access communication channels, especially in 
what is related to sending and receiving data over the 
communication lines; 

d. Said database comprises also at least a log of the questions that 
the Security System asked the user and his replies kept at least 
for a certain period; and 

e. Said database comprises also at least, when needed, a log of 
suspicious activities detected kept at least for a certain period. 
12. (Currently amended) The method of claim 10 wherein the security rules
and/or functions performed by the Security System comprise automatic 
segregation of programs into their natural environments and at least one of 
the following: 

a. Constantly monitoring the security-sensitive elements of the computer
system, and mainly all relevant peripheral device activities, and
especially storage devices and communication devices, and detecting
and selectively intercepting security-sensitive behaviors, suspicious
behaviors and dangerous behaviors and acting upon them in accordance
with default and acquired sets of security rules;

b. At least one of warning the user and request for authorization and
automatic interception for security- sensitive activities and especially 
any first- time attempts to access communication channels; 

c. Enabling the user to request at least one of automatic blocking and 
warning of the user of any attempts of external programs from the 
network to connect to the user's computer through the communication 
channels; 

d. Interception and more explicit warning of the user about potentially 
highly dangerous activities; 

e. Warning the user about significant statistical deviations from normal 
behaviors of applications and operating system and especially as 
relates to suddenly sending out large amounts of data; 

f. Enabling the user to request enforcing of at least one of additional
limitations on the communication ports allowed to be opened and 
when needed also limitations on types of protocols allowed; 

g. Monitoring and intercepting as much as possible all attempts of 
applications to gain direct port accesses to security sensitive devices 
and especially the storage media and the communication channels; 

h. Implementing Virtual Shared data areas on the storage media, for at 
least one of temporary files and accessing keys in the registry and 
other files, so that at least some programs are given the illusion that 
they are accessing the shared area, but in reality are each redirected to 
a separate private area; and 

i. Pushing at least part of the operating system from the most privileged 
processor ring to a lower privilege ring and enabling needed functions 
to run in said lower privilege ring. 
13. (Currently amended) A computer security system capable of automatic
segregation of programs into their natural environments so that at least for
some programs each program is allowed to at least one of access, read, write,
execute, create, and delete files only within its natural environment, which is
mainly the directory in which it is installed, and its sub-directories, and
access to necessary system areas is based on virtual sharing, for reading only
non strategic shared files, unless specifically given more rights.

14. (Currently amended) A method of implementing security in computers by
automatic segregation of programs into their natural environments so that at
least for some programs each program is allowed to at least one of access,
read, write, execute, create and delete files only within its natural
environment, which is mainly the directory in which it is installed, and its
sub-directories, and access to necessary system areas is based on virtual
sharing, for reading only non strategic shared files, unless specifically
given more rights.
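Claims 13 and 14, together with claims 1(c), 1(d), 1(e), 1(h), 4(h), 20 and 30, define one access-decision rule: full access inside the program's own directory tree, read-only access to non-strategic shared files, copy-on-write redirection of writes to virtually shared areas, a prompt (rather than a silent allow) when the user rather than the application initiated an access outside the natural environment, and a prompt for defined high-security areas regardless of earlier grants. The following is an added example, not code from the application, that puts that rule into one decision function over POSIX-style paths. The set names, the Decision values, the private-area layout for redirected writes and the sample paths are assumptions made here.

```python
"""Reference model of the 'natural environment' segregation policy.

Added example (not from the application); models the decision logic of
claims 1, 4(h), 13, 14, 20 and 30 over POSIX-style paths. The set names,
the Decision values and the private-area layout are assumptions.
"""
import posixpath
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # inside the natural environment or an explicit grant
    DENY = "deny"          # application-initiated access outside it
    ASK = "ask"            # needs explicit user authorization
    REDIRECT = "redirect"  # copy-on-write into the program's private area


WRITE_OPS = {"write", "create", "delete", "rename"}


@dataclass
class Program:
    name: str
    install_dir: str          # root of the natural environment
    private_area: str         # where redirected writes land
    extra_allowed: set = field(default_factory=set)  # files learned at install time (claim 28)


@dataclass
class Policy:
    shared_read_only: set     # non-strategic shared files, readable by every program
    virtual_shared: set       # shared areas that are copy-on-write per program (claim 4(h))
    high_security: set        # defined high-security areas: always prompt (claim 30)


def _norm(path: str) -> str:
    # Collapse '..' so /opt/app/../../etc/passwd cannot pass as 'inside /opt/app'
    return posixpath.normpath(path)


def _inside(path: str, root: str) -> bool:
    path, root = _norm(path), _norm(root).rstrip("/")
    return path == root or path.startswith(root + "/")


def decide(policy: Policy, prog: Program, path: str, op: str,
           user_initiated: bool = False) -> Decision:
    """Decide one file operation for one program."""
    path = _norm(path)
    # Highly dangerous targets are prompted even if the user already allowed the app (claim 30)
    if any(_inside(path, area) for area in policy.high_security):
        return Decision.ASK
    # Full access within the program's own directory tree (claims 13/14)
    if _inside(path, prog.install_dir):
        return Decision.ALLOW
    if any(_inside(path, p) for p in prog.extra_allowed):
        return Decision.ALLOW
    # Virtual shared areas: reads see the shared copy, writes go to a private copy (claim 4(h))
    if any(_inside(path, area) for area in policy.virtual_shared):
        return Decision.REDIRECT if op in WRITE_OPS else Decision.ALLOW
    # Non-strategic shared files are readable by everyone, never writable by default
    if op == "read" and path in policy.shared_read_only:
        return Decision.ALLOW
    # Outside the natural environment: the user gets flexibility, the app does not (claim 20)
    return Decision.ASK if user_initiated else Decision.DENY


def redirect_target(prog: Program, path: str) -> str:
    """Copy-on-write location for a redirected write."""
    return posixpath.join(prog.private_area, _norm(path).lstrip("/"))


def merged_view(shared_files: dict, private_files: dict) -> dict:
    """Integrated view of a shared area (claim 1(e)): the program's private
    copies shadow the shared originals, everything else shows through."""
    view = dict(shared_files)
    view.update(private_files)
    return view


if __name__ == "__main__":
    policy = Policy(shared_read_only={"/etc/hosts"},
                    virtual_shared={"/tmp", "/registry/HKCU"},
                    high_security={"/keys"})
    app = Program("app", "/opt/app", "/ve/app", extra_allowed={"/etc/app.conf"})
    print(decide(policy, app, "/opt/app/data/x.db", "write"))        # ALLOW
    print(decide(policy, app, "/home/u/docs/a.txt", "write"))        # DENY
    print(decide(policy, app, "/home/u/docs/a.txt", "read", True))   # ASK
    print(decide(policy, app, "/tmp/cache", "write"))                # REDIRECT
    print(redirect_target(app, "/tmp/cache"))                        # /ve/app/tmp/cache
```

The order of the checks matters: the high-security test comes before the install-directory test so that a program installed under a protected tree cannot use claim 13's "full access within its natural environment" to bypass claim 30, and paths are normalized before any prefix comparison so that a relative traversal out of the install directory is judged by where it actually lands.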

15. (Original) The Security system of claim 1 wherein the computer is at least 
one of: cellular phone, car computer, and other computerized gadget, and 
wherein at least one of: 

a. Access to highly sensitive data, such as credit card details or private 
encryption keys, needs explicit permission by the user. 

b. Any attempt to automatically generate an outgoing communication 
needs explicit permission by the user. 

c. Any attempts to alter at least one of EMROMM and important system 
files and sensitive data, need explicit permission by the user. 

16. (Original) The system of claim 1 wherein the user is an organization and at 
least some of the control over authorizations is in the hands of at least one of: 
at least one central authority, and the system administrator. 

17. (Canceled). The system of claim 16 wherein the Security System of the
central authority and/or of the system administrator performs also at least one
of:

a. Automatically checking at least once in a while if the Security System
is functioning properly on the other computers.

b. Noticing and intercepting communication attempts from computers
where the amount of actual communication does not fit the amount
reported by the Security System of that computer.

18. (Canceled). A security system wherein the communications device of each 
computer or group of computers is adapted to noticing and at least reporting 
back to at least one of the relevant computer, a central authority, and the 
system administrator about cases where the amount of actual communication
does not fit the amount reported by the Security System of that computer. 

19. (Currently amended) The system of claim 1 wherein by default at least for 
some programs each program can only see itself and the operating system 
and the computer resources that it is allowed to see, so that it lives in a 
Virtual Environment (VE). 

20. (Currently amended) The system of claim 1 wherein the Security System
[also] identifies if the user or the application initiated at least one of accessing
a file outside the natural environment or virtual environment of the program,
and at least one [other] potential security-risk command[s] which is at least
partially related to the disk or other non-volatile storage device, and so can
allow more flexibility and/or less limitations and/or no limitations if the
command was initiated directly by the user than if it was initiated by the
application.

21. (Canceled). The system of claim 20 wherein the Security System also makes
sure that programs cannot create the false impression that certain actions
were initiated by the user by falsifying user input through one of the input
devices.

22. (Currently amended) The system of claim 1 wherein at least one of the
following features exists:

a. The Security System also makes sure that when it requests authorization
no other programs can enter false answers as if they were entered by the
user through one of the input devices;

b. The Security System also makes sure that programs cannot create the 
false impression that certain actions were initiated by the user by 
falsifying user input through one of the input devices; 
c. In the cases where private keys are generated or stored by the browsers,
additional rules are used in order to identify the directories where these 
keys are held; 

d. The communication with at least one of a keyboard and a mouse uses 
encryption in order to prevent falsifying user responses; 

e. The communication with at least one of a keyboard and a mouse uses 
encryption in order to prevent falsifying user responses, and said 
encryption includes also a date & time stamp; 

f. In order to protect the segregation of processes in memory, the Security 
System asks the user to explicitly authorize programs that he wants to 
allow to access APIs that allow accessing the memory of other 
processes; 

g. In order to prevent device drivers from accessing devices other than
those that they are intended to access, each device driver must have a 
definite type indicator and is allowed to access only devices of the 
indicated type; 

h. Each device driver is also prevented from accessing other device drivers 
that can access other types of devices; 

i. Installed drivers can also be associated with Virtual Environments, and 
thus limited in the scope of their actions; 

j. High security protected areas are at least one of: encrypted, marked with 
a finger print, and automatically backed up to at least one more area for
additional safety. 
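Features 22(a), (b), (d) and (e) (and canceled claims 21, 31 and 32) all address the same attack: a program injecting synthetic keyboard or mouse events so that the Security System's authorization prompt appears to have been answered by the user. The claims describe this as encrypting the input channel with a date and time stamp. What actually stops a forged or replayed answer is that the Security System can check the event's authenticity and freshness, so the added example below, which is not code from the application, models the channel as an authenticated one: the trusted input side tags each event with an HMAC over a sequence number, a timestamp and the key code, and the verifier rejects bad tags, stale events and repeats, and binds a prompt's answer to events dated after the prompt was shown. The shared key is assumed to have been provisioned to both sides out of band; the class names, the skew window and the event tuple layout are assumptions.

```python
"""Authenticated, time-stamped input events between a trusted input device
and the Security System.

Added example (not from the application). Models claims 22(a), (b), (d)
and (e): each keyboard/mouse event carries an HMAC tag over a sequence
number, a timestamp and the key code, so a user-mode program cannot forge
or replay the user's answer to an authorization prompt. A pre-shared key
is assumed; class names and the skew window are assumptions.
"""
import hmac
import hashlib
import struct


def _message(seq: int, ts: float, code: str) -> bytes:
    # Fixed-width fields: no ambiguity between (seq=1, code="23") and (seq=12, code="3")
    return struct.pack(">Qd", seq, ts) + code.encode("utf-8")


class TrustedInputDevice:
    """The side that sits below any user-mode program (driver or hardware)."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def emit(self, ts: float, code: str):
        self._seq += 1
        tag = hmac.new(self._key, _message(self._seq, ts, code), hashlib.sha256).digest()
        return (self._seq, ts, code, tag)


class InputVerifier:
    """The Security System's side: accepts an event only once, only if fresh."""

    def __init__(self, key: bytes, max_skew: float = 2.0):
        self._key = key
        self._max_skew = max_skew
        self._last_seq = 0

    def verify(self, event, now: float):
        seq, ts, code, tag = event
        expected = hmac.new(self._key, _message(seq, ts, code), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return (False, "bad-tag")          # forged, e.g. injected by a program
        if abs(now - ts) > self._max_skew:
            return (False, "stale")            # genuine event replayed much later
        if seq <= self._last_seq:
            return (False, "replay")           # same event delivered twice
        self._last_seq = seq
        return (True, "ok")

    def answer_for_prompt(self, events, prompt_ts: float, now: float):
        """Return the first verified key pressed after the prompt was shown, else None.
        Events dated before the prompt cannot be an answer to it, even if valid."""
        for ev in events:
            ok, _ = self.verify(ev, now)
            if ok and ev[1] >= prompt_ts:
                return ev[2]
        return None


if __name__ == "__main__":
    key = b"k" * 32                         # constructed pre-shared key
    keyboard, verifier = TrustedInputDevice(key), InputVerifier(key)
    genuine = keyboard.emit(100.0, "y")
    print(verifier.verify(genuine, 100.5))   # (True, 'ok')
    print(verifier.verify(genuine, 100.6))   # (False, 'replay')
    forged = (genuine[0] + 1, 100.7, "y", b"\x00" * 32)
    print(verifier.verify(forged, 100.7))    # (False, 'bad-tag')
```

The tag check runs before the freshness and sequence checks so that an attacker who cannot compute tags learns nothing about the verifier's clock or counter state from the rejection reason. The timestamp alone (feature 22(e)) does not stop a replay within the skew window, which is why the sequence number is part of the authenticated message as well.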

23. (Canceled). The system of claim 1 wherein in the cases where private keys
are generated or stored by the browsers, additional rules are used in order to
identify the directories where these keys are held.

24. (Canceled). The security system of claim 1 wherein the communications 
device of each computer is adapted to notice and at least report back to the 
computer about cases where the amount of actual communication does not fit 
the amount reported by the software of that computer.

25. (Canceled). The security system of claim 1 wherein the user is an 
organization and at least some of the control over authorizations is in the 
hands of at least one central authority, and the Security System on the central 
authority's computer and/or the communications device of each computer is 
adapted to notice and intercept communication attempts from computers 
where the amount of actual communication does not fit the amount reported
by the at least one of: the software of that computer, and the operating system
of that computer.

26. (Canceled). The security method of claim 9 comprising the steps of using a 
communications device of each computer which is adapted to notice and at 
least report back to the computer about cases where the amount of actual 
communication does not fit the amount reported by the software of that 
computer . 

27. (Canceled). The security method of claim 9 wherein the user is an 
organization comprising the steps of using in each computer a 
communications device that is adapted to notice and report back to the
computer and/or to the central control about cases where the amount of actual
communication does not fit the amount reported by the software of that 
computer . 

28. (Original) The system of claim 1 wherein the Security System learns during 
the installation of new programs which files are related to them outside their 
directory tree. 

29. (Canceled). The system of claim 1 wherein any attempts of programs, 
initiated by the programs, to exceed their natural environments are 
automatically blocked by the security system. 

30. (Original) The system of claim 1 wherein the security system automatically 
blocks potentially highly dangerous activities or asks the user for explicit 
authorization, even if the user supposedly allowed this to an application 
through the dialog box. 

31. (Canceled). The security system of claim 1 wherein the communication with
at least one of a keyboard and a mouse uses encryption in order to prevent
falsifying user responses.

32. (Canceled). The security system of claim 31 wherein said encryption
includes also a date & time stamp.
33. (Canceled). A computer system wherein at least one of device drivers and/or
[the] an operating system and/or parts of it are in ring 0 but there is at least one
more privileged area below ring 0, wherein there is a control system and/or
security system which runs below the operating system. A security system in
computers wherein the security system automatically blocks potentially
highly dangerous activities or asks the user for explicit authorization, wherein
said potentially highly dangerous activities are at least some of: formatting a
drive, concurrent deletion of multiple files, changing hard disk partition
information, changing boot area information, installing drivers in levels close
to the kernel of the operating system, accessing the defined high security
areas, modifying or renaming executables that reside outside the natural
environment of the offending executable programs, and changing the linking
of file types with applications that will be run when clicking on them.

34. (Canceled). The system of claim 17 wherein the security system of each 
computer also encrypts the outgoing data packets with a unique identifier for 
each computer and reports also additional data identifying the packets that
are being sent out, and so that at least one of the communication devices or 
the central authority can also find out if outgoing data packets have been 
changed . 

35. (Canceled). The system of claim 18 wherein the security system also
encrypts the outgoing data packets and reports also additional data 
identifying the packets that are being sent out, so that the communication 
devices can also find out if outgoing data packets have been changed . 

36. (Canceled). The system of claim 24 wherein the security system also
encrypts the outgoing data packets and reports also additional data 
identifying the packets that are being sent out, so that the communication 
devices can also find out if outgoing data packets have been changed.

37. (Currently amended) The system of claim 1 wherein if an application 
changes after being given certain permissions, the user is notified about and 
asked again for permissions or such changes are automatically prevented or 
the changed application is automatically limited to a new VE. 
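Claim 37 ties a permission to the application as it was when the permission was given, and names three responses when the application changes afterwards: notify the user and ask again, prevent the change, or confine the changed program to a new Virtual Environment. The following is an added example, not code from the application, showing the grant record bound to a content hash of the program image and the three responses as a policy switch. Program images are constructed byte strings rather than files; the policy names, the VE naming scheme and the "allow / ask / deny" results are assumptions made here. The same binding serves claim 43(c) if the record holds a signature over the BIOS image instead of a hash of an application.

```python
"""Permissions bound to the executable's content (claim 37).

Added example (not from the application). A grant is recorded together with
the SHA-256 of the program image; when the image changes, the grant no longer
applies and one of the three responses named in the claim is taken:
notify-and-re-ask, block, or confine the changed program to a new Virtual
Environment. Images are constructed byte strings, not files; policy names
and the VE naming scheme are assumptions.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class Grant:
    digest: str      # fingerprint of the image the user actually authorized
    perms: set
    ve: str = "default"


@dataclass
class PermissionStore:
    on_change: str = "reask"      # "reask" | "block" | "new_ve" (claim 37's three options)
    grants: dict = field(default_factory=dict)
    events: list = field(default_factory=list)   # what the user would be told

    def grant(self, path: str, image: bytes, perms, ve: str = "default"):
        self.grants[path] = Grant(fingerprint(image), set(perms), ve)

    def check(self, path: str, image: bytes, perm: str) -> str:
        """Return 'allow', 'ask' or 'deny' for one permission request."""
        g = self.grants.get(path)
        if g is None:
            return "ask"                       # never authorized: normal first-time prompt
        current = fingerprint(image)
        if current == g.digest:
            return "allow" if perm in g.perms else "ask"
        # The program changed after it was given permissions
        if self.on_change == "block":
            self.events.append((path, "changed: blocked"))
            return "deny"
        if self.on_change == "new_ve":
            # Confine the new image to its own VE; nothing carries over from the old grant
            g.ve = "ve-" + current[:12]
            g.perms = set()
            g.digest = current
            self.events.append((path, "changed: moved to " + g.ve))
            return "ask"
        # "reask": drop the old grant entirely and prompt the user again
        del self.grants[path]
        self.events.append((path, "changed: permissions revoked, user re-asked"))
        return "ask"


if __name__ == "__main__":
    v1 = b"MZ\x90\x00 constructed image v1"     # constructed program images
    v2 = b"MZ\x90\x00 constructed image v2"
    store = PermissionStore()
    store.grant("/opt/app/app.exe", v1, {"net"})
    print(store.check("/opt/app/app.exe", v1, "net"))   # allow
    print(store.check("/opt/app/app.exe", v2, "net"))   # ask
    print(store.events)
```

Keying the grant on the path alone would let any program that replaces the file inherit its permissions; keying it on the content hash is what makes claim 37's "if an application changes" detectable at all. In the "new_ve" branch the digest is updated so that the relocation happens once, not on every subsequent request.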

38. (Original) The system of claim 1 wherein at least one of the following 
features exist: 
a. The security system intercepts the operating system the moment it is
being loaded into memory and transfers it to a higher ring so that any 
attempt by the operating system to access ring 0 will cause a CPU 
exception, and in order to increase efficiency the security system 
rewrites on the fly each such command in the operating system code 
which is running in the computer's RAM to access instead the current 
ring in which it is in, so that the next time that line of code is accessed 
in memory, the exception will not occur anymore until the next boot. 

b. The security system transfers only physical device drivers to a less 
privileged ring in order to be able to control direct access to physical 
devices. 

c. The operating system itself transfers physical device drivers to a less 
privileged ring in order to be able to control direct access to physical 
devices. 

d. At least one of the physical device drivers and the operating system 
are still in ring 0 but there is at least one more privileged area within 
ring 0 which can catch exceptions caused by at least one of device 
drivers in ring 0 and the operating system itself. 

e. At least one of the physical device drivers and the operating system 
are still in ring 0 but there is at least one more privileged area below 
ring 0 which can catch exceptions caused by at least one of device 
drivers in ring 0 and the operating system itself.

39. (Canceled). The system of claim 17 wherein the communication device is 
also capable of generating automatically various reports on outgoing and/or 
incoming data and the security system makes sure that no other applications 
can interfere with the device driver of the communication card and thus 
interfere with these reports . 

40. (Canceled). The system of claim 18 wherein the communication device is 
also capable of generating automatically various reports on outgoing and/or 
incoming data and the security system makes sure that no other applications 
can interfere with the device driver of the communication card and thus
interfere with these reports . 

41. (Currently amended) A security system for computers system wherein at 
least one of the physical device drivers and/or the an operating system and/or 
parts of it are still in ring 0 but there is at least one more privileged area 
within below ring 0 and/or below within ring 0 which can catch exceptions 
caused by at least one of device drivers in ring 0 and the operating system 
itself, wherein there is a control system and/or security system which runs 
below the operating system, and wherein at least if said more privileged area 
is within ring 0, said control system and/or security system is adapted to 
catch exceptions caused by device drivers in ring 0 and/or by the operating 
system. 

42. (Original) The system of claim 1 wherein at least one part of the security 
system becomes active even if the computer is booted from at least one of a 
floppy drive, CD, network drive, and any other source that is not the normal 
boot area. 

43. (Original) The system of claim 42 wherein at least one of the following 
features exist: 

a. Said activation is done by at least one of the BIOS and the processor 
itself before the normal boot sequence begins. 

b. If the security system discovers that the BIOS has been compromised 
or corrupted, it can at least one of issue a warning and restore it from 
various preferably hidden backups. 

c. The security system can determine that the bios has been 
compromised or corrupted by at least one of: if it was changed without 
authorization according to a digital signature and if it starts to behave 
suspiciously. 

d. When changes need to be made in at least one of the security system 
itself and the BIOS, a physical key needs to be physically attached to 
at least one of the computer and any of its peripheral devices. 

44. (Canceled). The system of claim 1 wherein the Security System is an 
integral part of the operating system. 

45. (Original) The system of claim 19 wherein if an application launches 
another application, the newly launched application is limited to the VE of 
the launching application. 

46. (Original) The system of claim 1 wherein if users download many files into 
a single download directory, the security system at least one of: uses context 
sensitive information, and detects if a downloaded program starts looking at 
files that were downloaded at different times or starts going over the entire 
directory or tries to modify other executables in that directory. 

47. (Canceled). The system of claim 1 wherein in order to protect the 
segregation of processes in memory, the Security System asks the user to 
explicitly authorize programs that he wants to allow to access APIs that allow 
accessing the memory of other processes . 

48. (Canceled). The system of claim 1 wherein in order to prevent device drivers 
from accessing devices other than those that they are intended to access, each 
device driver must have a definite type indicator and is allowed to access 
only devices of the indicated type . 

49. (Canceled). The system of claim 48 wherein each device driver is also 
prevented from accessing other device drivers that can access other types of 
devices . 

50. (Original) The system of claim 1 wherein the security system replaces at 
least some of the Operating System's dialogue boxes and other components 
that can request input from the user, so that the Security System has more 
control on what is happening in them. 

51. (Original) The system of claim 19 wherein programs are allowed to send OS 
messages only to programs which are running within their own Virtual 
Environments. 

52. (Original) The system of claim 1 wherein the Security system replaces at 
least some of the OS functions that deal with the OS message system, and 
attaches to each message an identification that shows if the OS or another 
application is the source of the message, and the Security System allows 
certain messages to be initiated only by the OS. 

53. (Canceled). A security system wherein the Security system replaces at least 
some of the OS functions that deal with the OS message system, and attaches 
to each message an identification that shows if the OS or another application 
is the source of the message, and the Security System allows certain 
messages to be initiated only by the OS . 
54. (Original) The system of claim 20 wherein at least one of the following 
features exist: 

a. In order to prevent misleading textual questions the Security system 
uses also at least partial semantic analysis of what the user is really 
being asked, by at least one of: analyzing sentence structures or at 
least significant word combinations and/or using various rules and/or a 
statistical database of commonly used questions. 

b. In order to prevent misleading textual questions the Security system 
guards at least the top line title of the dialogue box, so that when it is 
an "open file" dialogue box, it will always say so clearly, and if it is a 
"save file" dialog box it will always say so clearly. 

c. A new protocol is introduced for dialogue boxes, in which only the 
security systems runs completely the dialogue box and the programs 
have to indicate in a more structured format, what they want exactly. 

d. The security system automatically blocks potentially highly dangerous 
activities or asks the user for explicit authorization, even if the user 
supposedly allowed this to an application through the dialog box. 

55. (Canceled). The system of claim 1 wherein the security system knows 
automatically about at least some highly important user files and directories. 

56. (Currently amended) The system of claim 55 wherein the security system 
knows automatically about at least some highly important user files and 
directories, and at least one of the following features exist: 

a. Said files are at least one of ".doc" files and source code files, and said 
directories are at least directories containing such files, at least if these 
files were created by the user. 

b. The security system can identify strategic files and/or directories by at 
least one of: using predefined rules; automatically marking programs 
as highly strategic according to the number and/or types of 
authorizations they have and/or by the fact that the user is using them 
interactively more than other programs or files or directories; and 
allowing the user explicitly to mark certain directories and/or certain 
file name extensions as highly protected. 

c. The user is explicitly warned by the security system about attempts of 
programs to access highly important user files or directories even if 
the user supposedly allowed the program to access them through the 
dialogue box - if the program is not normally associated with such 
files or directories. 

57. (Canceled). The system of claim 19 wherein installed drivers can also be 
associated with Virtual Environments, and thus limited in the scope of their 
actions . 

58. (Original) The system of claim 1 wherein the security system prevents 
running processes from at least one of: Changing their code in memory, and 
Changing the disk file of their executable code. 

59. (Canceled). The system of claim 1 wherein at least one of programs that can 
access the Internet, Browsers, important Operating system files, and other 
highly strategic programs, cannot be changed or cannot run EVEN if the user 
authorizes the change directly to the Security System, unless the update or 
patch carries a digital certificate that proves that it is indeed an authorized 
and unchanged official patch by the vendor who made the original program . 

60. (Currently amended) The system of claim 1 wherein the security system also 
prevents applications from accessing directly lower level functions that can 
access hard disks and/or other devices except by calling them through the 
normal kernel interface. 

61. (Original) The system of claim 19 wherein at least one of the following 
features exist: 

a. Unless explicitly given additional rights by the user all of the actions 
initiated by a program are automatically limited to the scope of its own 
VE. 

b. When a new program is being installed the user has the option of 
choosing a new VE for that program, or allowing it to become an 
update of an already existing VE, or allowing it to have free access to 
the entire computer. 

c. The user is able to correct mistakes, at least for a certain time, by 
undoing the installation of programs, at least when they are installed in 
a limited VE. 

d. If shared drives are allowed, only the user is allowed to access files on 
shared drives on other computers, or each program is allowed to see 
and access in each shared drive only the same VE that it has on its 
own computer. 

e. If the user allows a newly installing program to inherit or overwrite an 
existing VE, the security system first creates a virtual private 
environment copy of the modified directories, at least for a certain 
period, so that the user can still request to undo this if he made a 
mistake, at least for a certain period. 

f . The security system backs up all the changed files or directories at 
least for a certain time and/or keeps a rollback log of all changes that 
were made to the relevant files and directories or even of all changes 
anywhere in at least one of the hard disk and other non-volatile storage 
devices, in order to enable the undo if the user needs it. 

g. Even when the user allows a program to be installed without VE 
limitations, any changes in the entire hard disk after or during the 
installation, are completely undo-able at least for a certain time period. 

h. Even if the user requested installation without VE limitation, the new 
program is first installed in a separate VE, and only after a certain time 
period or after the user authorizes it (and/or for example after the 
security system checks various parameters to see that things seem ok), 
the VE limitations are lifted or this VE is merged with the unlimited 
VE. 

62. (Original) The system of claim 1 wherein any changes that happen on at 
least one of the hard disk and other nonvolatile storage devices and other 
connected media are completely undo-able at least for a certain time period, 
by keeping a rollback log of all changes or of all significant changes. 

63. (Original) The system of claim 1 wherein the security system can identify at 
least one of strategic files and strategic directories by at least one of: using 
predefined rules; automatically marking programs as highly strategic 
according to the number and/or types of authorizations they have and/or by 
the fact that the user is using them interactively more than other programs or 
files or directories; and allowing the user explicitly to mark certain 
directories and/or certain file name extensions as highly protected. 

64. (Original) The system of claim 1 wherein at least one of the Security System 
and the Operating system can alert the user and/or automatically prevent or 
take action if a malicious program tries to misuse at least one of the CPU 
resources, the free RAM memory, and the free space of the disk and/or other 
non-volatile storage devices and/or if it creates on purpose an artificial load 
on disk activity, and wherein at least one of the following is done: 

a. Taking over the free disk space is prevented by a default quota for each 
newly installed application, which can be changed by the user if needed. 

b. Creating false load on the disk activity can be prevented by detecting 
automatically suspect behaviors. 

c. The Security System and/or the Operating System automatically shows 
to the user and/or to the administrator in an organization, whenever any 
of the CPU and/or RAM resources become too low, or whenever 
significant deviations from normal statistics in these resources are 
detected, at least one of: Which applications are taking up most of these 
resources, the percent they are using, and, to the extent possible, what 
they are doing, and the VE of these processes. 

d. Automatically detecting by at least one of software and hardware in the 
CPU itself at least one of entering the CPU into useless loops and other 
suspect activities in the CPU. 

e. The OS or the Security System requests authorization from the user if a 
program requests Real-time priority or any other priority that can 
significantly slow down other processes, at least the first time it tries to 
get such priority or unless the user gives it such a privilege from then 
on. 

65. (Canceled). The system of claim 1 wherein at least one of the following 
features exists: 

a. The CPU has hardware support for automatically refusing to execute any 
code which is in an area defined as data. 

b. The CPU refuses to return from the stack to addresses that are outside 
the memory area of the program's code. 

66. (Original) The system of claim 1 wherein the hardware of the CPU and/or 
the hardware of the disk itself does not allow any access to a file unless the 
software that tries to access it is identified as its rightful owner, by at least 
one of providing the appropriate password, and other means. 

67. (New) The system of claim 1 wherein at least in one mode and for at least some 
of the files and/or directories there is an indication near the file and/or directory 
if it is a real file or a virtual file and/or the user and/or the administrator can see 
by clicking on the file and/or by the color of the file name or icon and/or by 
other indication, to which virtual environment it belongs. 

68. (New) The system of claim 1 wherein embedded objects or plug-ins are 
executed each at a separate VE but appear visually integrated, and at least one of 
the following features exists: 

a. There is no real connection between the two objects other than their 
internal communication stream; 

b. The security system filters or controls the communication between the 
two objects; 

c. The visual integration is implemented with the aid of a graphical proxy, 
which makes a combination of programs look as if they are integrated, 
while in reality they run in different VEs; 

d. Each COM (Component Object Module) server is allowed to run only in 
one VE, thus avoiding the situation where the same COM server could be 
giving services at the same time to programs that are on separate VEs. 

69. (New) The system of claim 1 further comprising a system for learning normal 
behavior statistics, and automatic detection of at least one of: unusual disk 
activity of applications and unusual sending out large amounts of data. 
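Claims 64 and 69 describe learning an application's normal resource statistics and alerting on significant deviations, together with a report of which applications consume most of a resource. The following is an added example in Python, not code from the application or the applicant; the metric names (`disk_write`, `net_send`), the per-interval byte counts, the z-score threshold and the Welford running-variance helper are all constructed assumptions for illustration.

```python
"""Per-application behaviour baseline with deviation alerts.

Added example (not the patent applicant's code). Learns mean/std of a
counter per (application, metric) and flags observations far from normal.
"""
import math
from collections import defaultdict


class BehaviorBaseline:
    """Learns mean and standard deviation per (app, metric) and flags values
    more than `threshold` standard deviations above the learned mean."""

    def __init__(self, threshold=3.0, min_samples=5, min_std=1.0):
        self.threshold = threshold
        self.min_samples = min_samples
        self.min_std = min_std          # floor so a flat baseline never divides by ~0
        self._n = defaultdict(int)
        self._mean = defaultdict(float)
        self._m2 = defaultdict(float)   # Welford: running sum of squared deviations

    def learn(self, app, metric, value):
        key = (app, metric)
        self._n[key] += 1
        delta = value - self._mean[key]
        self._mean[key] += delta / self._n[key]
        self._m2[key] += delta * (value - self._mean[key])

    def stats(self, app, metric):
        key = (app, metric)
        n = self._n[key]
        std = math.sqrt(self._m2[key] / (n - 1)) if n > 1 else 0.0
        return n, self._mean[key], max(std, self.min_std)

    def zscore(self, app, metric, value):
        n, mean, std = self.stats(app, metric)
        if n < self.min_samples:
            return None                 # not enough history to judge this app yet
        return (value - mean) / std

    def check(self, app, metric, value):
        """Return an alert dict if the observation is unusual, else None."""
        z = self.zscore(app, metric, value)
        if z is None or z <= self.threshold:
            return None
        _, mean, _ = self.stats(app, metric)
        return {"app": app, "metric": metric, "value": value,
                "baseline_mean": round(mean, 1), "zscore": round(z, 2)}


def top_consumers(sample, metric, limit=3):
    """Claim 64(c)-style report: which applications use most of a resource
    in one interval, with the percentage of the total each one takes."""
    total = sum(v[metric] for v in sample.values()) or 1
    ranked = sorted(sample.items(), key=lambda kv: kv[1][metric], reverse=True)
    return [(app, v[metric], round(100.0 * v[metric] / total, 1))
            for app, v in ranked[:limit]]


# Constructed training history: bytes per one-minute interval on normal days.
TRAINING = {
    "editor":  {"disk_write": [2_000, 2_500, 1_800, 2_200, 2_400, 2_100],
                "net_send":   [500, 400, 600, 550, 450, 500]},
    "browser": {"disk_write": [30_000, 28_000, 35_000, 31_000, 29_000, 33_000],
                "net_send":   [20_000, 25_000, 22_000, 18_000, 24_000, 21_000]},
}

# Constructed live interval: the editor suddenly rewrites the disk and sends a lot.
LIVE = {
    "editor":  {"disk_write": 900_000, "net_send": 50_000},
    "browser": {"disk_write": 32_000,  "net_send": 23_000},
}


def run_detection(training=TRAINING, live=LIVE):
    """Train on history, then evaluate one live interval.
    Returns (alerts, top disk consumers)."""
    baseline = BehaviorBaseline()
    for app, metrics in training.items():
        for metric, values in metrics.items():
            for v in values:
                baseline.learn(app, metric, v)
    alerts = []
    for app, metrics in live.items():
        for metric, value in metrics.items():
            alert = baseline.check(app, metric, value)
            if alert:
                alerts.append(alert)
    return alerts, top_consumers(live, "disk_write")


if __name__ == "__main__":
    found, report = run_detection()
    for a in found:
        print("ALERT", a)
    print("top disk consumers:", report)
```

With the constructed data only the editor is flagged (both its disk writes and its outbound bytes are hundreds of standard deviations above its own baseline), while the browser's larger but habitual traffic is not; the per-application baseline is what keeps a chatty program from masking a quiet one that suddenly changes behaviour.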

70. (New) The system of claim 1 comprising a system for segregation between 
programs and/or between virtual environments that is applied to at least one of 
hard disks and other storage media and/or other resources, wherein there are 
resources that are shared between virtual environments so that programs that are 
in a Virtual Environment are given the illusion that they are accessing said 
shared resources, but in reality if these programs make changes not explicitly 
allowed by the user in said shared resources, copy-on-write is used and/or said 
programs are redirected to another area so that said changes are only made in the 
virtual environment. 

71. (New) The system of claim 1 comprising a system for segregation between 
programs and/or between virtual environments that is applied to at least one of 
hard disks and other storage media, wherein at least for one or more shared 
resources and/or for one or more programs and/or in one or more conditions if a 
program makes a change or changes in a shared resource, copy-on-write is used 
and/or said program is redirected to another area so that said changes are only 
made in the virtual environment and/or in said other area to which the program is 
redirected. 

72. (New) The system of claim 1 comprising a system for segregation between 
programs and/or between virtual environments that is applied to at least one hard 
disk and/or other non-volatile storage devices, wherein the system enables the 
user to interact with an integrated view of the desktop and/or of the file system, 
based on merged views of virtual environments, so that the user can interact with 
programs that are in a virtual environment without having to switch to their 
virtual environment. 

73. (New) The system of claim 1 comprising a system that creates automatic 
segregation between programs that is applied to at least one of the hard disks and 
other storage devices wherein files and directories are involved. 

74. (New) The system of claim 1 comprising a system that creates automatic 
segregation between programs which the user can access, so that the directory 
structure in which a file is located automatically affects the access rights of other 
programs to it. 

75. (New) The system of claim 1 comprising a security system capable of automatic 
segregation of programs into their natural environments so that by default 
programs are allowed to fully access files only within their natural environment, 
which is mainly the directory in which the program is installed and its 
sub-directories. 

76. (New) The system of claim 1 comprising a system and/or firewall that prevents 
programs from unauthorized trapping of the keyboard device in order to catch 
keystrokes of other programs, in order to prevent theft of data from the user's 
hard disk or other non-volatile storage device. 

77. (New) The method of claim 9 wherein a system for segregation between 
programs and/or between virtual environments is used that is applied to at least 
one of hard disks and other storage media and/or other resources, wherein there 
are resources that are shared between virtual environments so that programs that 
are in a Virtual Environment are given the illusion that they are accessing said 
shared resources, but in reality if these programs make changes not explicitly 
allowed by the user in said shared resources, copy-on-write is used and/or said 
programs are redirected to another area so that said changes are only made in the 
virtual environment. 

78. (New) The method of claim 9 wherein a system for segregation between 
programs and/or between virtual environments is used that is applied to at least 
one of hard disks and other storage media, wherein at least for one or more 
shared resources and/or for one or more programs and/or in one or more 
conditions if a program makes a change or changes in a shared resource, 
copy-on-write is used and/or said program is redirected to another area so that said 
changes are only made in the virtual environment and/or in said other area to 
which the program is redirected. 

79. (New) The method of claim 9 wherein a system for segregation between 
programs and/or between virtual environments is used that is applied to at least 
one hard disk and/or other non-volatile storage devices, wherein the system 
enables the user to interact with an integrated view of the desktop and/or of the 
file system, based on merged views of virtual environments, so that the user can 
interact with programs that are in a virtual environment without having to switch 
to their virtual environment. 

80. (New) The method of claim 9 wherein a system that creates automatic 
segregation between programs is used that is applied to at least one of the hard 
disks and other storage devices wherein files and directories are involved. 

81. (New) The method of claim 9 wherein a system is used that creates automatic 
segregation between programs which the user can access, so that the directory 
structure in which a file is located automatically affects the access rights of other 
programs to it. 

82. (New) The method of claim 9 wherein a security system capable of automatic 
segregation of programs into their natural environments is used so that by default 
programs are allowed to fully access files only within their natural environment, 
which is mainly the directory in which the program is installed and its 
sub-directories. 

83. (New) The method of claim 9 wherein a security system and/or firewall is used 
that identifies if the user or an application initiated at least one of accessing a file 
outside the natural environment or virtual environment of said application, and at 
least one potential security-risk command which is at least partially related to the 
hard disk or other non-volatile storage device, and so can allow more flexibility 
and/or less limitations and/or no limitations if the command was initiated 
directly by the user than if it was initiated by the application. 

84. (New) The method of claim 9 wherein a system and/or firewall is used that 
prevents programs from unauthorized trapping of the keyboard device in order to 
catch keystrokes of other programs, in order to prevent theft of data from the 
user's hard disk or other non-volatile storage device. 

85. (New) The system of claim 1 wherein at least one program is given the illusion 
that it installed itself on the root of a drive, but in fact it is installed in a lower 
directory. 

86. (New) The system of claim 1 wherein said copy-on-write and/or redirection 
to another area for making changes is used at least in one or more cases when a 
program does not have sufficient rights to make changes in one or more files or 
directories or other shared resources. 

87. (New) The system of claim 1 wherein "at least in one or more cases" means "at 
least for one or more programs". 

88. (New) The system of claim 1 wherein at least for some programs the program is 
automatically first installed in a separate VE even if the user did not request to 
install the program within a virtual environment, and only after a certain time 
period or after the user authorizes it, and/or after the security system checks 
various parameters to see that things seem ok, the VE limitations are lifted or 
this VE is merged with the unlimited normal environment. 

89. (New) The system of claim 1 wherein programs can be given the illusion that 
they have accessed shared keys in the registry, while in practice they are 
redirected each to its individual private file of relevant registry keys. 

90. (New) The system of claim 1 wherein said copy-on-write and/or redirection to 
another area for making changes is implemented at least when some programs 
need to install certain files in system directories. 
91. (New) The method of claim 9 wherein said copy-on-write and/or redirection to 
another area for making changes is implemented at least when some programs 
need to install certain files in system directories. 

92. (New) The system of claim 1 wherein virtual shared directories are 
implemented by giving a program a logical view of the shared directory or of 
only some of the files in it, so that if the program is allowed to see the file it sees 
the original copy, but if it changes files in the shared directory, said files will in 
reality be copied into files in the program's individual private area and changed 
only there. 

93. (New) The method of claim 9 wherein virtual shared directories are 
implemented by giving a program a logical view of the shared directory or of 
only some of the files in it, so that if the program is allowed to see the file it sees 
the original copy, but if it changes files in the shared directory, said files will in 
reality be copied into files in the program's individual private area and changed 
only there. 
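Claims 92 and 93 (and the copy-on-write language of claims 70, 71, 86, 90 and 91) describe a virtual shared directory: a program sees the original files, but any change it makes is copied into its own private area and applied only there. The following is an added example in Python, not code from the application or the applicant; it assumes a plain on-disk layout with one private directory per virtual environment, an optional allow-list of visible names, and a `.wh.` whiteout prefix to record deletions, all of which are constructed here for illustration.

```python
"""Copy-on-write view of a shared directory.

Added example (not the patent applicant's code). A program gets a logical
view of a shared directory; reads fall through to the shared original,
writes are redirected to the program's private area after copying the
original there, and the shared tree is never modified.
"""
import shutil
import tempfile
from pathlib import Path


class VirtualSharedDirectory:
    WHITEOUT = ".wh."  # assumed marker prefix: file the program "deleted" in its view

    def __init__(self, shared_root, private_root, visible=None):
        self.shared = Path(shared_root)
        self.private = Path(private_root)
        self.private.mkdir(parents=True, exist_ok=True)
        # Optional allow-list of names this virtual environment may see at all.
        self.visible = set(visible) if visible is not None else None

    def _check_visible(self, name):
        if self.visible is not None and name not in self.visible:
            raise PermissionError(f"{name!r} is not visible in this virtual environment")

    def _whiteout(self, name):
        return self.private / (self.WHITEOUT + name)

    def resolve(self, name):
        """Path the program actually reads: private copy if changed, else shared original."""
        self._check_visible(name)
        if self._whiteout(name).exists():
            raise FileNotFoundError(name)
        for root in (self.private, self.shared):
            candidate = root / name
            if candidate.exists():
                return candidate
        raise FileNotFoundError(name)

    def read(self, name):
        return self.resolve(name).read_bytes()

    def write(self, name, data):
        """Redirect the change into the private area; copy the original first (COW)."""
        self._check_visible(name)
        priv, shared = self.private / name, self.shared / name
        if not priv.exists() and shared.exists():
            shutil.copy2(shared, priv)          # copy-on-write step
        if self._whiteout(name).exists():
            self._whiteout(name).unlink()       # re-creating a "deleted" file
        priv.write_bytes(data)
        return priv

    def delete(self, name):
        """Hide the file from this view only; the shared copy stays untouched."""
        self._check_visible(name)
        priv = self.private / name
        if priv.exists():
            priv.unlink()
        self._whiteout(name).touch()

    def listdir(self):
        """Merged view: shared names plus private additions, minus whiteouts and hidden names."""
        names = {p.name for p in self.shared.iterdir() if p.is_file()}
        for p in self.private.iterdir():
            if p.name.startswith(self.WHITEOUT):
                names.discard(p.name[len(self.WHITEOUT):])
            else:
                names.add(p.name)
        if self.visible is not None:
            names &= self.visible
        return sorted(names)


def demo():
    """Constructed scenario: a program edits and then deletes a shared config file."""
    root = Path(tempfile.mkdtemp())
    shared = root / "shared"
    shared.mkdir()
    (shared / "app.ini").write_bytes(b"mode=safe\n")
    (shared / "secret.key").write_bytes(b"do-not-show\n")

    ve = VirtualSharedDirectory(shared, root / "ve_program1", visible={"app.ini", "notes.txt"})
    before = ve.read("app.ini")
    ve.write("app.ini", b"mode=unsafe\n")        # redirected into the private area
    ve.write("notes.txt", b"private note\n")     # new file exists only privately
    try:
        ve.read("secret.key")
        hidden = False
    except PermissionError:
        hidden = True
    listing = ve.listdir()
    ve.delete("app.ini")
    return {
        "before": before,
        "program_sees": ve.read("notes.txt"),
        "shared_still": (shared / "app.ini").read_bytes(),
        "hidden": hidden,
        "listing": listing,
        "after_delete": ve.listdir(),
        "shared_names": sorted(p.name for p in shared.iterdir()),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point to verify is the last two results: after the program has "changed" and "deleted" `app.ini` in its own view, the shared directory still holds the original bytes and the original file list, which is exactly the property that lets several virtual environments share one copy safely.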

94. (New) The system of claim 1 wherein at least one Internet browser is by default 
automatically limited to its natural environment or virtual environment. 